Hackers threaten University of Manchester staff and students

Hoping for pressure on senior leadership - and it's working

Hackers threaten University of Manchester staff and students

Criminals have emailed students and staff at the university, threatening to leak data unless ransom demands are met.

The move appears to be aimed at getting the university's faculty and students to apply pressure to leadership, after attackers stole what they claim is 7 TB of personal data from university systems earlier this month.

"We would like to inform all students, lecturers, administration, and staff that we have successfully hacked manchester.ac.uk network on June 6 2023," the group wrote in the email, seen by Bleeping Computer.

"We have stolen 7 TB of data, including confidential personal information from students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more."

The email issues a "last warning," saying the attackers will sell the stolen data on the black market if the university fails to meet their demands.

Looking at social media, it appears the pressure tactic is paying dividends:

https://twitter.com/Ele\\_Clayton/status/1671152777928773639?ref\\_src=twsrc%5Etfw

"Following our reporting of a cyber-incident earlier this month, we are aware that some staff and students have been sent emails purporting to be from the people behind it," a university spokeswoman told the BBC.

As well as some basic cyber hygiene advice like reporting malicious emails to IT, she said the university is working to ascertain the extent of data accessed and has allocated "all possible resources" towards addressing the situation.

She added that the university would contact individuals who have been impacted through official channels.

Patrick Hackett, the university's registrar, secretary and chief operating officer, said an unauthorised party accessed certain systems on 6th June. They may have copied data.

"We know this will cause concern to members of our community and we are very sorry for this," he said.

The university, which has approximately 40,000 students, has not yet announced the exact number of individuals impacted by the incident.

No details about the attackers' suspected identity or the attack's nature have been revealed at this time.

The university has clarified that the cyber incident has "no known link" to the recent MOVEit hack, which was attributed to the Clop ransomware gang and affected various organisations, including the BBC, Boots and British Airways.

"We have no indicators to believe that this incident is the work of the same or associated perpetrators of the hacks at MoveIT and Zellis," the university said.

Officials are working with the Information Commissioner's Office, the North West Organised Crime Unit and the National Cyber Security Centre in response to the cyberattack.